On Sun, Sep 12, 2010 at 3:20 AM, Mircea Carasel <[email protected]> wrote: > I made a sipxecs fresh install and I noticed that XML-RPC calls are not > working... ... > [mirc...@decebal ~]$ curl -k -X GETÂ https://decebal.buc.ro:8092/RPC2 > curl: (35) SSL connect error
I just rebuilt git HEAD and everything works (that's supposed to work anyway). For this command I get When i run this curl -v -k -X GET https://swift.hubler.us:8092/RPC2 I get * Connected to swift.hubler.us (192.168.1.2) port 8092 (#0) * Initializing NSS with certpath: /etc/pki/nssdb * warning: ignoring unsupported value (1) of ssl.verifyhost * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Certificate is signed by an untrusted issuer: '[email protected],CN=ca.swift.hubler.us,OU=sipXecs,O=hubler.us,L=AnyTown,ST=AnyState,C=US' * SSL certificate verify ok. * NSS: client certificate not found (nickname not specified) * SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA * Server certificate: * subject: [email protected],CN=swift.hubler.us,OU=sipXecs,O=hubler.us,L=AnyTown,ST=AnyState,C=US * start date: Sep 13 20:27:41 2010 GMT * expire date: Sep 12 20:27:41 2013 GMT * common name: swift.hubler.us * issuer: [email protected],CN=ca.swift.hubler.us,OU=sipXecs,O=hubler.us,L=AnyTown,ST=AnyState,C=US When I run this head -n 15 /opt/sipx-4.3.0/etc/sipxpbx/ssl/ssl.crt Certificate: Data: Version: 3 (0x2) Serial Number: 21406829 (0x146a46d) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=AnyState, L=AnyTown, O=hubler.us, OU=sipXecs, CN=ca.swift.hubler.us/[email protected] Validity Not Before: Sep 13 20:27:41 2010 GMT Not After : Sep 12 20:27:41 2013 GMT Subject: C=US, ST=AnyState, L=AnyTown, O=hubler.us, OU=sipXecs, CN=swift.hubler.us/[email protected] X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Subject Alternative Name: URI:sip:swift.hubler.us, DNS:swift.hubler.us See how the Issuer somewhat matches? Do they for your system? Are you sure you are specifying the FQDN (unless you have SRV configured) in the sipxecs-setup script. Lastly, are you sure another JDK didn't sneak onto your system. Here's a dump of java on my F12 system [dhub...@swift sipxpbx]$ alternatives --display java java - status is auto. link currently points to /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java - priority 16000 slave javaws: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/javaws slave keytool: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/keytool slave orbd: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/orbd slave pack200: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/pack200 slave rmid: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/rmid slave rmiregistry: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/rmiregistry slave servertool: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/servertool slave tnameserv: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/tnameserv slave unpack200: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/unpack200 slave jre_exports: /usr/lib/jvm-exports/jre-1.6.0-openjdk.x86_64 slave jre: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64 slave java.1.gz: /usr/share/man/man1/java-java-1.6.0-openjdk.1.gz slave keytool.1.gz: /usr/share/man/man1/keytool-java-1.6.0-openjdk.1.gz slave orbd.1.gz: /usr/share/man/man1/orbd-java-1.6.0-openjdk.1.gz slave pack200.1.gz: /usr/share/man/man1/pack200-java-1.6.0-openjdk.1.gz slave rmid.1.gz: /usr/share/man/man1/rmid-java-1.6.0-openjdk.1.gz slave rmiregistry.1.gz: /usr/share/man/man1/rmiregistry-java-1.6.0-openjdk.1.gz slave servertool.1.gz: /usr/share/man/man1/servertool-java-1.6.0-openjdk.1.gz slave tnameserv.1.gz: /usr/share/man/man1/tnameserv-java-1.6.0-openjdk.1.gz slave unpack200.1.gz: /usr/share/man/man1/unpack200-java-1.6.0-openjdk.1.gz /usr/lib/jvm/jre-1.5.0-gcj/bin/java - priority 1500 slave javaws: (null) slave keytool: /usr/lib/jvm/jre-1.5.0-gcj/bin/keytool slave orbd: (null) slave pack200: (null) slave rmid: (null) slave rmiregistry: /usr/lib/jvm/jre-1.5.0-gcj/bin/rmiregistry slave servertool: (null) slave tnameserv: (null) slave unpack200: (null) slave jre_exports: /usr/lib/jvm-exports/jre-1.5.0-gcj slave jre: /usr/lib/jvm/jre-1.5.0-gcj slave java.1.gz: (null) slave keytool.1.gz: (null) slave orbd.1.gz: (null) slave pack200.1.gz: (null) slave rmid.1.gz: (null) slave rmiregistry.1.gz: (null) slave servertool.1.gz: (null) slave tnameserv.1.gz: (null) slave unpack200.1.gz: (null) Current `best' version is /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java. _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
